TOC & Recently Viewed

Recently Viewed Topics

Log Correlation Engine Software Requirements

Version Software Requirements
  • An active LCE license
  • RHEL/CentOS 5.x, 6.x, or 7.x, 64-bit
  • An active LCE license
  • RHEL/CentOS 5.x, 6.x, or 7.x, 64-bit
  • Elasticsearch 2.3.3 to 2.4.6
  • Java Runtime Environment (JRE) 1.8 update 20 or later
Previous Versions
4.4.x through 4.8.x
  • An active LCE license
  • RHEL/CentOS 5.x, 6.x, or 7.x, 64-bit

Additionally, while LCE is active, it requires exclusive access to certain ports. The only services that are required to support remote users are SSH and the LCE interface (lce). If other services are active on the system, conflicts should be avoided on the following default ports:

Ports LCE Receive (Listen) On
Port Description
514/UDP  Syslog
22/TCP SSH, for requests from Tenable.SC
601/TCP Syslog
1243/TCP Vulnerability detection, if enabled in Tenable.SC
6514/TCP Encrypted syslog
8836/TCP LCE Administrative Web UI
31300/TCP Events from LCE Clients
Ports LCE Sends On
514/UDPSyslog (forwarded)
443/TCPPull requests to the plugins feed at
601/TCPSyslog (forwarded)
Ports LCE uses over Loopback Interface
7091/TCPInternal communication, showids to lce_queryd
7092/TCPInternal communication, lce_tasld to lced

Caution: The system running the LCE can operate a syslog daemon, but the syslog daemon must not be listening on the same port(s) that the LCE server is listening on.

Copyright © 2020 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.